System and method of data security in synchronizing data with a wireless device

ABSTRACT

A system is disclosed. The system includes a server, a client application, and a first database. The first database is associated with the client application. The system further includes a second database to store data in an encrypted format, and a replicator to synchronize the data stored in the first and second databases. The system also includes a synchronizer to synchronize the data stored in the second database and the server based on a current security level.

RELATED APPLICATION

This is a non-provisional application based on a provisional application Ser. No. 60/622,813 filed on Oct. 28, 2004 and claims priority thereof.

FIELD OF THE INVENTION

This invention relates generally to the field of data synchronization. More particularly, the invention relates to a system and method for secure synchronization between server and a device.

BACKGROUND

A variety of wireless data processing devices have been introduced over the past several years. These include wireless personal digital assistants (“PDAs”) such as the Palm® VIIx handheld, cellular phones equipped with data processing capabilities (e.g., those which include wireless application protocol (“WAP”) support), and, more recently, wireless messaging devices such as the Blackberry™ wireless pager developed by Research In Motion (“RIM”).™

Presently, a synchronization client on a wireless device watches for changes in a personal information manager (“PIM”) database and uses a network connection to keep the records on a synchronization server and the records in the PIM database synchronized with each other. During this synchronization the PIM database is accessible, and the data is not protected.

BRIEF DESCRIPTION OF THE DRAWINGS

A better understanding of the present invention can be obtained from the following detailed description in conjunction with the following drawings, in which:

FIG. 1 illustrates one embodiment of a block diagram of a device for secure synchronization with a synchronization server;

FIG. 2 illustrates one embodiment of a flow diagram for secure synchronization of a device with a synchronization server; and

FIG. 3 illustrates one embodiment of a computer system.

DETAILED DESCRIPTION

According to one embodiment a system for protecting personal information manager (“PIM”) data on a device is disclosed. In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. In other instances, well-known structures and devices are shown in block diagram form to avoid obscuring the underlying principles of the present invention.

Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the invention. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment.

FIG. 1 illustrates one embodiment of a block diagram of a device 100 securely synchronizing with a synchronization server 160. Device 100 includes a Personal Information Manager (PIM) application 110, a PIM database 120, a replicator 130, a crypto container 140 and a synchronizer 150.

PIM application 110 is coupled to PIM database 120. PIM application 110 is a program implementation of a PIM. PIM database is a database that includes PIM information. In one embodiment, the PIM information is kept in separate records.

Crypto container 140 includes a copy of the PIM database (“copyDB”) 145. Crypto container 140 maintains the data inside copyDB 145 in an encrypted format. Crypto container 140 provides an application program interface (“API”) for reading and writing of the data in an unencrypted form. In one embodiment, access to the data in copyDB 145 is only available through the API.

In one embodiment, crypto container 140 may be in an unlocked or a locked state. When crypto container 140 is in the unlocked state cipher keys are initialized and external applications (e.g. PIM application 110) have access to the data in copyDB 145 via the API. In the locked state, the cipher keys are erased and external applications do not have access to the data in copyDB 145.

In one embodiment, SureWave™ Mobile Defense developed by JP Mobile, Inc™ provides for the implementation of crypto container 140. However, other implementations may be used. The data in copyDB 145 may be stored in a database format, or in another embodiment, the data may be stored in a file or file system via a system driver.

Replicator 130 is coupled to PIM database 120 and crypto container 140. Replicator 130 synchronizes PIM database 120 with copyDB 145.

Synchronizer 150 is coupled to crypto container 140 and synchronization server 160. In one embodiment, synchronizer 150 is implemented using SureWave™ Manager developed by JP Mobile, Inc™. However, other implementations may be used. Synchronizer 150 synchronizes copyDB 145 and synchronization server 160 via a network connection. In one embodiment, the network connection is wired. However, the network connection may be wireless.

In one embodiment, device 100 may operate in one of the three following states: low security, medium security, and high security. The following table illustrates the possible transitions between states for device 100.

Initial state Final state Condition Low security Medium security Manual lock, auto-lock, remote lock Medium security High security Security alert or remote lock Low security High security Security alert or remote lock High security Low security Device unlock Medium security Low security Device unlock

The security state of device 100 may change for various reasons. Some of the reasons may include: failed attempts to enter a password for device 100 have exceeded a predetermined amount, an attempted remote command via short message service (“SMS”) or electronic mail (“e-mail”) may have occurred, or a network intrusion may have been detected. However, other reasons may cause an increase in the security state of device 100.

In one embodiment, the low security state, the medium security state, and the high security state of device 100 correspond to an unlocked device mode, a locked/sync device mode, and a lock/emergency device mode, respectively.

In the unlocked device mode, copyDB 145 is unlocked. Synchronizer 150 is authorized to synchronize data between synchronization server 160 and copyDB 145. Replicator 130 is also authorized to synchronize the data in PIM database 120 and copyDB 145. The PIM data in PIM database 120 is available for use by PIM application 110, and the graphical user interface (“GUI”) of device 100 is unblocked.

In the locked/sync mode, PIM database 120 is cleared, and no unencrypted data is available. The PIM data in PIM database 120 is unavailable to PIM application 110. Replicator 130 is stopped, and copyDB 145 is unlocked. Synchronizer 150 is still authorized to synchronize data between synchronization server 160 and copyDB 145.

In the locked/emergency mode, PIM database 120 is cleared and no unencrypted data is available. The PIM data in PIM database 120 is unavailable to PIM application 110. Replicator 130 is stopped, copyDB 145 is locked, and cipher keys are cleared. Synchronizer 150 is also stopped, and the network connection is closed.

FIG. 2 illustrates one embodiment of a flow diagram for secure synchronization of a device with a synchronization server. At process block 210, synchronization between device 100 and synchronization server 160 is initiated. At decision block 215, it is determined whether device 100 is in the unlocked device mode.

If device 100 is in the unlocked device mode then the PIM data is unlocked for use by application 110, process block 220. At process block 225, replicator 130 synchronizes the data in PIM database 120 and copyDB 145. At process block 230, synchronizer 150 synchronizes data between synchronization server 160 and crypto container 140.

If device 100 is not in the unlocked device mode then the PIM data in PIM database 120 is locked and thus unavailable to PIM application 110, process block 235. At process block 240, replicator 130 is stopped. At decision block 245, it is determined whether device 100 is in the locked/sync mode.

If device 100 is in the locked/sync mode then synchronizer 150 synchronizes data between synchronization server 160 and crypto container 140, process block 230.

If device 100 is not in the locked/sync mode then device 100 is in the locked/emergency mode synchronizer 150 is stopped, process block 250.

The system described above provides for an efficient mechanism to protect PIM data on a device connected to a server.

FIG. 3 illustrates a computer system 300 on which device 100 and or synchronization server 160 may be implemented. Computer system 300 includes a system bus 320 for communicating information, and a processor 310 coupled to bus 320 for processing information. According to one embodiment, processor 310 is implemented using one of the multitudes of Motorola ARM family of processors of microprocessors. Nevertheless one of ordinary skill in the art will appreciate that other processors may be used.

Computer system 300 further comprises a random access memory (RAM) or other dynamic storage device 325 (referred to herein as main memory), coupled to bus 320 for storing information and instructions to be executed by processor 310. Main memory 325 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 310. Computer system 300 also may include a read only memory (ROM) and/or other static storage device 326 coupled to bus 320 for storing static information and instructions used by processor 310.

A data storage device 325 such as a magnetic disk or optical disc and its corresponding drive may also be coupled to computer system 300 for storing information and instructions. Computer system 300 can also be coupled to a second I/O bus 350 via an I/O interface 330. A plurality of I/O devices may be coupled to I/O bus 350, including a display device 324; an input device (e.g., an alphanumeric input device 523 and/or a cursor control device 322).

The communication device 321 is for accessing other computers (servers or clients) via a network. The communication device 321 may comprise a modem, a network interface card, or other well-known interface device, such as those used for coupling to Ethernet, token ring, or other types of networks.

Embodiments of the invention may include various steps as set forth above. The steps may be embodied in machine-executable instructions. The instructions can be used to cause a general-purpose or special-purpose processor to perform certain steps. Alternatively, these steps may be performed by specific hardware components that contain hardwired logic for performing the steps, or by any combination of programmed computer components and custom hardware components.

Elements of the present invention may also be provided as a machine-readable medium for storing the machine-executable instructions. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic or optical cards, propagation media or other type of media/machine-readable medium suitable for storing electronic instructions. For example, the present invention may be downloaded as a computer program which may be transferred from a remote computer (e.g., a server) to a requesting computer (e.g., a client) by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection).

Throughout the foregoing description, for the purposes of explanation, numerous specific details were set forth in order to provide a thorough understanding of the invention. It will be apparent, however, to one skilled in the art that the invention may be practiced without some of these specific details. Accordingly, the scope and spirit of the invention should be judged in terms of the claims which follow. 

1. A system comprising: a server configured to store data; and a wireless device communicatively coupled to the server, the wireless device including: a client application; a first database configured to store data for access by the client application; a second database configured to store data in an encrypted format; a replicator for synchronizing the data stored in the first database with encrypted data stored in the second database; and a synchronizer for synchronizing the encrypted data stored in the second database with data stored in the server, wherein when the wireless device is operating in a first security level, the synchronizer synchronizes the encrypted data stored in the second database with the data stored in the server, and the replicator synchronizes data stored in the first database with the encrypted data stored in the second database; and when the wireless device is operating in a second security level, different to the first security level, the synchronizer synchronizes the encrypted data stored in the second database with the data stored in the server, and access by the client application to data stored in the first database is restricted.
 2. The system of claim 1 wherein the first database is disabled whenever the wireless device is operating in the second security level.
 3. The system of claim 2 wherein the first database, second database, synchronizer, and replicator are disabled whenever the wireless device is operating in a third security level.
 4. The system of claim 1 wherein the encrypted data stored in the second database is restricted to being read from and written to via an application program interface (API).
 5. The system of claim 1 wherein the current security level increases based on one or more of the following: failed attempts to enter a password for the wireless device exceeds a predetermined amount, occurrence of an attempted remote command via short message service (“SMS”), and detection of a network intrusion.
 6. The system of claim 3 wherein the first, second, and third security levels correspond to the following device modes: an unlocked device mode, a locked/sync device mode, and a lock/emergency device mode.
 7. The system of claim 1 wherein the synchronizer is coupled to the server via one of: a wired network, and wireless network.
 8. A method of controlling access to data held on a wireless device, the wireless device comprising a first database and a second database, different from the first database, the second database being configured to store data in an encrypted format, the wireless device being capable of operating in a first security mode and a second, different, security mode, wherein, when operating in the first security mode, the wireless device is configured to: synchronize the data stored in the first database with encrypted data stored in the second database; and synchronize encrypted data stored in the second database with data stored on a server remote from the wireless device, the method comprising: determining whether the wireless device is operating in the first security mode or the second security mode; and responsive to a determination that the wireless device is operating in the second security mode, configuring the wireless device so as to restrict access to data stored in the first database, and to synchronize the encrypted data in the second database with data stored in said server.
 9. The system of claim 1, wherein the wireless device is configured such that, when the wireless device is operating in the second security level, synchronization of the data stored in the first database with the encrypted data stored in the second database is restricted.
 10. The method of claim 8 further comprising: responsive to a determination that the device is operating in the second security mode, configuring the wireless device to restrict synchronization of encrypted data stored in the second database with data stored in the first database.
 11. The method of claim 8 further comprising: determining that the device is operating in a third security mode, different to said first and second security modes, and, responsive thereto, interrupting the synchronization of the encrypted data stored in the second database with the data stored in the server.
 12. The method of claim 8, in which the determination that the device is operating in the second security mode is based on one or more of the following: failed attempts to enter a password for the device exceeds a predetermined number, occurrence of an attempted remote command via short message service (“SMS”), and detection of a network intrusion.
 13. The method of claim 12 further comprising erasing cipher keys associated with the encrypted data in the second database in response to determining that the device is operating in the second security mode.
 14. The method of claim 8 wherein the device is coupled to the server via one of: a wired network, and wireless network.
 15. A wireless device comprising: a client application; a first database configured to store data for access by the client application; a second database for storing data in an encrypted format; a replicator for synchronizing data stored in the first database with encrypted data stored in the second database; and a synchronizer for synchronizing the encrypted data stored in the second database with data stored in a server, the wireless device being configured such that: when the wireless device is operating in a first state, the synchronizer synchronizes the encrypted data stored in the second database with the data stored in the server, and the replicator synchronizes data stored in the first database with the encrypted data stored in the second database; and when the wireless device is operating in a second state, different to the first state, the synchronizer synchronizes the encrypted data stored in the second database with the data stored in the server, and the wireless device prevents access by the client application to the data stored in the first database.
 16. The wireless device of claim 15 wherein the first database is disabled whenever the wireless device is operating in the second state.
 17. The wireless device of claim 16 wherein the first database, second database, synchronizer, and replicator are disabled whenever the wireless device is operating in a third state, different to said first and second states.
 18. The wireless device of claim 17 wherein the first, second, and third states correspond to the following device modes: an unlocked device mode, a locked/sync device mode, and a lock/emergency device mode.
 19. The wireless device of claim 15 wherein the first and second states are characterized by different security levels of the wireless device and the wireless device is configured to change a current security level based on one or more of the following: failed attempts to enter a password for the device exceeds a predetermined amount, occurrence of an attempted remote command via short message service (“SMS”), and detection of a network intrusion.
 20. The wireless device of claim 15, wherein the synchronized data comprises personal information manager data.
 21. The wireless device of claim 15, wherein, when the device is operating in the second state, the replicator is prevented from synchronizing the data stored in the first database with the encrypted data stored in the second database.
 22. The wireless device of claim 15, wherein, when the device is operating in the second state, the data stored in the first database is deleted.
 23. The method of claim 8, in which: the device comprises a client application and, when the device is operating in a first mode, the data stored in the first database is accessible by the client application, and the method comprises, responsive to a determination that the device is in the second mode, restricting access by the client application to the data stored in the first database.
 24. The method of claim 8, comprising, responsive to a determination that the device is in the second mode, deleting the data stored in said first database.
 25. A computer readable storage medium storing computer readable instructions thereon for execution on a wireless device to implement a method of controlling access to data stored thereon, the wireless device comprising a first database configured to store data and a second database, different from the first database, the second database being configured to store data in an encrypted form, the wireless device being capable of operating in a first security mode and a second, different, security mode, wherein, when operating in the first security mode, the wireless device is configured to: synchronize the data stored in the first database with the encrypted data stored in the second database; and synchronize the encrypted data stored in the second database with data stored on a server remote from the wireless device, the computer readable instructions, when executed on a processor of the wireless device, causing the processor to perform the method comprising: receiving an indication of a change of mode from the first to the second mode; and responsive to receipt of said indication, configuring the device so as to restrict access to data stored in the first database, and to maintain said synchronization of the encrypted data stored in the second database with data stored on the remote server.
 26. The computer readable storage medium of claim 25, wherein the computer readable instructions, when executed on a processor of the wireless device, cause the processor, responsive to receipt of said indication, to restrict synchronization of the data stored in the first database with the encrypted data stored in the second database. 